| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
| |
Bug: #87
Closes: #87
Signed-off-by: Cameron Nemo <camerontnorman@gmail.com>
Signed-off-by: Sven Eden <sven.eden@prydeworx.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(emersion):
> sd-bus is shipped with elogind, so it makes sense to ship the
> busctl command, too.
This is not only a nice helper tool to take a closer look at what is
happening on the dbus, it will also prove to be usefull if something
like issue #59 happens ever again. There we had to use dbus-send
directly to dissect the bus traffic.
Bug: #86
Closes: #86
Signed-off-by: Sven Eden <sven.eden@prydeworx.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This new call move an sd_bus_error into another one.
(cherry picked from commit 190128e407eb24a445554c0e1f956a1d51f97338)
In the backport, the new function is made non-public, declared in bus-error.h
not sd-bus.h.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mempool use is enabled or disabled based on the mempool_use_allowed symbol that
is linked in.
Should fix assert crashes in external programs caused by #9792.
Replaces #10286.
v2:
- use two different source files instead of a gcc constructor
(cherry picked from commit a5d8835c78112206bbf0812dd4cb471f803bfe88)
|
|
|
|
|
|
|
|
|
|
| |
We would read (-1), and then add 1 to it, call message_peek_body(..., 0, ...),
and when trying to make use of the data.
The fuzzer test case is just for one site, but they all look similar.
v2: fix two UINT8_MAX/UINT32_MAX mismatches founds by LGTM
(cherry picked from commit 902000c19830f5e5a96e8948d691b42e91ecb1e7)
|
|
|
|
| |
(cherry picked from commit d831fb6f2bde829f9309aea242f502587662d1cc)
|
|
|
|
|
|
|
| |
The change is similar to that in the previous commit, but I don't have
a reproducer / test case case for this one, so I'm keeping it seperate.
(cherry picked from commit 3d338a302f56c0ef0445660d9856794abe1af8b5)
|
|
|
|
|
|
|
|
|
| |
We copied part of the string into a buffer that was off by two.
If the element signature had length one, we'd copy 0 bytes and crash when
looking at the "first" byte. Otherwise, we would crash because strncpy would
not terminate the string.
(cherry picked from commit 73777ddba5100fe6c0791cd37a91f24a515f3202)
|
|
|
|
|
|
|
|
|
|
| |
This is similar to the grandparent commit 'fix calculation of offsets table',
except that now the change is for array elements. Same story as before: we need
to make sure that the offsets increase enough taking alignment into account.
While at it, rename 'p' to 'previous' to match similar code in other places.
(cherry picked from commit f88214cf9d66c93f4d22c4c8980de9ee3ff45bab)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The offsets specify the ends of variable length data. We would trust the
incoming data, putting the offsets specified in our message
into the offsets tables after doing some superficial verification.
But when actually reading the data we apply alignment, so we would take
the previous offset, align it, making it bigger then current offset, and
then we'd try to read data of negative length.
In the attached example, the message specifies the following offsets:
[1, 4]
but the alignment of those items is
[1, 8]
so we'd calculate the second item as starting at 8 and ending at 4.
(cherry picked from commit 12603b84d2fb07603e2ea94b240c6b78ad17510e)
|
|
|
|
|
|
|
| |
We'd calculate the "real" length of the string as 'item_size - 1', which does
not work out well when item_size == 0.
(cherry picked from commit 81b6e63029eefcb0ec03a3a7c248490e38106073)
|
|
|
|
|
|
|
| |
-EINVAL means the arguments were somehow wrong, so translate the code we get
internally into -EBADMSG when returning.
(cherry picked from commit 69bd42ca072dfb2f7603b1f82053063293ab54b5)
|
|
|
|
|
|
|
|
|
|
| |
The alternative would be to treat gvariant and !gvariant messages differently.
But this is a problem because we check signatures is variuos places before we
have an actual message, for example in sd_bus_add_object_vtable(). It seems
better to treat things consistent (i.e. follow the lowest common denominator)
and disallow empty structures everywhere.
(cherry picked from commit ec6bda56cbca9509b1abde1122645630caca877c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We didn't free one of the fields in two of the places.
$ valgrind --show-leak-kinds=all --leak-check=full \
build/fuzz-bus-message \
test/fuzz/fuzz-bus-message/leak-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20
...
==14457== HEAP SUMMARY:
==14457== in use at exit: 3 bytes in 1 blocks
==14457== total heap usage: 509 allocs, 508 frees, 51,016 bytes allocated
==14457==
==14457== 3 bytes in 1 blocks are definitely lost in loss record 1 of 1
==14457== at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==14457== by 0x53AFE79: strndup (in /usr/lib64/libc-2.27.so)
==14457== by 0x4F52EB8: free_and_strndup (string-util.c:1039)
==14457== by 0x4F8E1AB: sd_bus_message_peek_type (bus-message.c:4193)
==14457== by 0x4F76CB5: bus_message_dump (bus-dump.c:144)
==14457== by 0x108F12: LLVMFuzzerTestOneInput (fuzz-bus-message.c:24)
==14457== by 0x1090F7: main (fuzz-main.c:34)
==14457==
==14457== LEAK SUMMARY:
==14457== definitely lost: 3 bytes in 1 blocks
(cherry picked from commit 6d1e0f4fcba8d6f425da3dc91805db95399b3c8b)
|
|
|
|
|
|
|
|
|
| |
As far as I can see, we would either reuse some values from a previously exited
container or just random bytes from the heap.
Should fix #10127.
(cherry picked from commit cf81c68e96aa29d0c28b5d3a26d1de9aa1b53b85)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
v2: fix error in free_and_strndup()
When the orignal and copied message were the same, but shorter than specified
length l, memory read past the end of the buffer would be performed. A test
case is included: a string that had an embedded NUL ("q\0") is used to replace
"q".
v3: Fix one more bug in free_and_strndup and add tests.
v4: Some style fixed based on review, one more use of free_and_replace, and
make the tests more comprehensive.
(cherry picked from commit 7f546026abbdc56c453a577e52d57159458c3e9c)
|
|
|
|
|
|
|
|
| |
We would verify destination e.g. in sd_bus_message_new_call, but allow setting
any value later on with sd_bus_message_set_destination. I assume this check was
omitted not on purpose.
(cherry picked from commit 3d51a011f11523694f03c74cdd011c89beba05cc)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The switch to memory_startswith() changed the logic to only look for a space or
NUL byte after the matched word, but matching the full size should also be
acceptable.
This changed the behavior of parsing of "AUTH\r\n", where m will be set to 4,
since even though the word will match, the check for it being followed by ' '
or NUL will make line_begins() return false.
Tested:
- Using netcat to connect to the private socket directly:
$ echo -ne '\0AUTH\r\n' | sudo nc -U /run/systemd/private
REJECTED EXTERNAL ANONYMOUS
- Running the Ignition blackbox test:
$ sudo sh -c 'PATH=$PWD/bin/amd64:$PATH ./tests.test'
PASS
Fixes: d27b725abf64a19a6b2f99332b663f17ad046771
(cherry picked from commit 3f10c66270b74530339b3f466c43874bb40c210f)
|
|
|
|
|
|
|
|
|
|
|
| |
When a slot is disconnected, then slot->match_callback.install_slot
is also disconnected. So, bus_slot_disconnect() removes the install_slot
from the list of slots in bus, although it is a floating object.
This makes install_slot unreffed from bus when it is disconnected.
Fixes #9505 and #9510.
(cherry picked from commit 20d4ee2cbc21e0c4d2dd6c01d5a18a4cf0d98222)
|
|
|
|
| |
(cherry picked from commit affaed1e55685e8e248db1afd50b3e0f466ce5cc)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the path to system_bus_socket is hardcoded to
/run/dbus/system_bus_socket
which works everywhere for systemd.
However, distributions which do no symlink /var/run on /run will have
it only accessible via
/run/dbus/system_bus_socket
which should be supported by elogind, too.
Closes #77
Signed-off-by: Christoph Willing <chris.willing@linux.com>
Sigend-off-by: Sven Eden <sven.eden@prydeworx.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
No matter how much advanced check_tree.pl is, there are plenty possibilities
where upstream changes can be transported wrong. Mainly adding something we then
have to mask out. But at the end of the day this is actually wanted, so we do
not miss important changes.
|
|
|
|
|
|
|
|
| |
MSG_NOSIGNAL is only defined for sendmsg(), not for recvmsg(), hence
let's drop it's use, in particular as it appears to create problems on
older kernels. See:
https://lists.freedesktop.org/archives/systemd-devel/2018-June/040869.html
|
| |
|
| |
|
|
|
|
|
|
|
| |
perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
|
|
|
|
|
|
| |
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
|
|
|
|
|
|
|
|
|
|
|
| |
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
|
|
|
|
|
|
| |
Let's always write "1 << 0", "1 << 1" and so on, except where we need
more than 31 flag bits, where we write "UINT64(1) << 0", and so on to force
64bit values.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since bb28e68477a3a39796e4999a6cbc6ac6345a9159 parsing failures of
certain unit file settings will result in load failures of units. This
introduces a new load state "bad-setting" that is entered in precisely
this case.
With this addition error messages on bad settings should be a lot more
explicit, as we don't have to show some generic "errno" error in that
case, but can explicitly say that a bad setting is at fault.
Internally this unit load state is entered as soon as any configuration
loader call returns ENOEXEC. Hence: config parser calls should return
ENOEXEC now for such essential unit file settings. Turns out, they
generally already do.
Fixes: #9107
|
|
|
|
|
| |
This adds what has been added to sd_bus_slot and sd_bus_track to
sd_event too.
|
|
|
|
|
| |
This augments previous work for this for sd_bus_slot objects, and adds
the same concept to sd_bus_track objects, too.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a function sd_bus_slot_set_destroy_callback() to set a function
which can free userdata or perform other cleanups.
sd_bus_slot_get_destory_callback() queries the callback, and is included
for completeness.
Without something like this, for floating asynchronous callbacks, which might
be called or not, depending on the sequence of events, it's hard to perform
resource cleanup. The alternative would be to always perform the cleanup from
the caller too, but that requires more coordination and keeping of some shared
state. It's nicer to keep the cleanup contained between the callback and the
function that requests the callback.
|
| |
|
|
|
|
|
|
| |
This tests a couple of corner cases of the sd-event API including
changing priorities of existing event sources, as well as overflow
conditions of the inotify queue.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new call sd_event_add_inotify() which allows watching for
inotify events on specified paths.
sd-event will try to minimize the number of inotify fds allocated, and
will try to add file watches to the same inotify fd objects as far as
that's possible. Doing this kind of inotify object should optimize
behaviour in programs that watch a limited set of mostly independent
files as in most cases a single inotify object will suffice for watching
all files.
Traditionally, this kind of coalescing logic (i.e. that multiple event
sources are implemented on top of a single inotify object) was very hard
to do, as the inotify API had serious limitations: it only allowed
adding watches by path, and would implicitly merge watches installed on
the same node via different path, without letting the caller know about
whether such merging took place or not.
With the advent of O_PATH this issue can be dealt with to some point:
instead of adding a path to watch to an inotify object with
inotify_add_watch() right away, we can open the path with O_PATH first,
call fstat() on the fd, and check the .st_dev/.st_ino fields of that
against a list of watches we already have in place. If we find one we
know that the inotify_add_watch() will update the watch mask of the
existing watch, otherwise it will create a new watch. To make this
race-free we use inotify_add_watch() on the /proc/self/fd/ path of the
O_PATH fd, instead of the original path, so that we do the checking and
watch updating with guaranteed the same inode.
This approach let's us deal safely with inodes that may appear under
various different paths (due to symlinks, hardlinks, bind mounts, fs
namespaces). However it's not a perfect solution: currently the kernel
has no API for changing the watch mask of an existing watch -- unless
you have a path or fd to the original inode. This means we can "merge"
the watches of the same inode of multiple event sources correctly, but
we cannot "unmerge" it again correctly in many cases, as access to the
original inode might have been lost, due to renames, mount/unmount, or
deletions. We could in theory always keep open an O_PATH fd of the inode
to watch so that we can change the mask anytime we want, but this is
highly problematics, as it would consume too many fds (and in fact the
scarcity of fds is the reason why watch descriptors are a separate
concepts from fds) and would keep the backing mounts busy (wds do not
keep mounts busy, fds do). The current implemented approach to all this:
filter in userspace and accept that the watch mask on some inode might
be higher than necessary due to earlier installed event sources that
might have ceased to exist. This approach while ugly shouldn't be too
bad for most cases as the same inodes are probably wacthed for the same
masks in most implementations.
In order to implement priorities correctly a seperate inotify object is
allocated for each priority that is used. This way we get separate
per-priority event queues, of which we never dequeue more than a few
events at a time.
Fixes: #3982
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
We currently return -ENOMEDIUM when /etc/machine-id is empty, and -EINVAL when
it is all zeros. But -EINVAL is also used for invalid args. The distinction
between empty and all-zero is not very important, let's use the same return
code.
Also document -ENOENT and -ENOMEDIUM since they can be a bit surprising.
|